the request is going to come in to ask "Is [EMAIL PROTECTED] a member of
group blazo?". There's not going to be a password or any authentication
information in this first request. Assuming RADIUS says "Yes", the
device will get the user name and password and respond with an authentication
request with username and password.
Owen
--On Thursday, July 10, 2003 20:03 -0400 Gene Parks <[EMAIL PROTECTED]> wrote:
It does that by default. It is looking specifically for the realm if you setup radiusd.conf to do that. It will reject anything it doesn't find.
Gene
-----Original Message----- From: Owen DeLong [mailto:[EMAIL PROTECTED] Sent: Thursday, July 10, 2003 4:54 PM To: [EMAIL PROTECTED] Subject: Group Membership jury-rigging
I have an application where I have a device that will be doing group membership queries against my radius server looking for members in a group called "foo" of the form "[EMAIL PROTECTED]". Is there any way to jury rig radius such that it will:
Only permit @blah.zorp and reject any other @foo.blah.
Take user from [EMAIL PROTECTED] and look it up in LDAP.
Return True if user is found and fals if usre is not found.
If anyone has any handy config examples for how to accomplish this, I'd be _VERY_ appreciative.
Thanks,
Owen
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
